NERC CIP-015: Monitoring Deep Inside Critical Networks to Keep Adversaries Outside

Tuesday, 19 Aug 2025 1:00PM EST (19 Aug 2025 17:00 UTC)
Speakers: Tim Conway, Robert M. Lee

As cyber threats become increasingly advanced and persistent, traditional perimeter-based defenses are no longer sufficient to protect critical infrastructure. For professionals responsible for securing the Bulk Electric System (BES), understanding the shift towards monitoring east–west traffic within trusted environments is essential. Recognizing the evolving threat landscape, the Federal Energy Regulatory Commission (FERC) issued Order 887, calling for enhanced detection capabilities that extend beyond the existing North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards, which have primarily focused on perimeter (north–south) controls.

Join us on August 19th, 2025, at 1:00pm ET for an in-depth webinar featuring Tim Conway, SANS ICS Curriculum Lead, and Robert M. Lee, Co-Founder and CEO of Dragos and SANS ICS/OT Practice Lead. Together, they’ll break down the evolving cybersecurity requirements under NERC CIP and examine the three core stages of the upcoming CIP-015 Internal Network Security Monitoring (INSM) standard: collection, detection, and analysis. Attendees will gain practical insights into developing the technical and organizational capabilities needed to monitor internal network communications and defend against sophisticated threats. This session is a must-attend for security and compliance professionals in the energy sector preparing for the next phase of CIP evolution.